package com.legal.config;

import com.legal.service.user.impl.UserServiceImpl;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

/**
 * 继承WebSecurityConfigurerAdapter的方式已在 Spring Security 5.7.0 + 中弃用，无法使用
 * @author xiaopeng
 * @version 1.0
 */
//@Configuration
//@EnableWebSecurity
//public class SecurityConfig_Extend_Adapter extends WebSecurityConfigurerAdapter {
//    @Autowired
//    private UserServiceImpl userDetailsService;
////    @Autowired
////    private LoginFilter loginFilter;
////    @Autowired
////    private AuthFilter authFilter;
//
//
//    @Override
//    protected void configure(HttpSecurity http) throws Exception {
//        // 禁用session机制
//        http.csrf().disable()
//                .sessionManagement()
//                .sessionCreationPolicy(SessionCreationPolicy.STATELESS);
//
//        http.authorizeRequests()
//                // 指定某些接口不需要通过验证即可访问。像登陆、注册接口肯定是不需要认证的
//                .antMatchers("/sec/login").permitAll()
//                .anyRequest().authenticated()
//
//                // 自定义权限配置
//                .withObjectPostProcessor(new ObjectPostProcessor<FilterSecurityInterceptor>() {
//                    @Override
//                    public <O extends FilterSecurityInterceptor> O postProcess(O o) {
//                        o.setAccessDecisionManager(customUrlDecisionManager);
//                        o.setSecurityMetadataSource(customFilter);
//                        return o;
//                    }
//                })
//                .and()
//                // 禁用缓存
//                .headers()
//                .cacheControl();
//
//        http.addFilterBefore(jwtAuthencationTokenFilter(), UsernamePasswordAuthenticationFilter.class);
//        // 添加自定义未授权和未登陆结果返回
//        http.exceptionHandling()
//                .accessDeniedHandler(restfulAccessDeniedHandler)
//                .authenticationEntryPoint(restAuthoricationEntryPoint);
//    }
//
//    @Override
//    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
//        // 指定UserDetailService和加密器
//        auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
//    }
//
//    @Bean
//    @Override
//    protected AuthenticationManager authenticationManager() throws Exception {
//        return super.authenticationManager();
//    }
//
//    @Bean
//    public PasswordEncoder passwordEncoder() {
//        return new BCryptPasswordEncoder();
//    }
//}
